Data Processing Agreement

A Data Processing Agreement (DPA) is required under GDPR Article 28 when an organization (Controller) engages a service provider (Processor) to process personal data on their behalf.

When Do You Need a DPA?

You may need a DPA if your organization:

Is based in the EU/EEA or processes personal data of EU residents
Uses our platform to manage email signatures containing employee personal data
Enables email tracking features that collect recipient data
Is required by your own data protection policies to have DPAs with service providers

Download DPA Template

Download our standard DPA template for review

Our standard DPA covers:

GDPR Article 28 requirements
Sub-processor list
Technical & organizational measures
Data breach notification
International transfers (SCCs)

Request Custom DPA

Need custom terms or a signed copy?

A countersigned DPA
Custom terms or amendments
Additional security documentation
Vendor security questionnaire completion

Current Sub-processors

Third-party services that process data on our behalf

Provider	Purpose	Location
Clerk	Authentication	United States
DigitalOcean	Cloud hosting, file storage	EU (Amsterdam) / US
Neon	Database hosting	EU (Frankfurt)
PostHog	Product analytics	EU (Frankfurt)
Polar	Billing & subscriptions	EU
Resend	Transactional email	United States

For the complete list, see our Privacy Policy.

Data Processing Agreement

When Do You Need a DPA?

Download DPA Template

Request Custom DPA

Current Sub-processors

Questions?